[CERT-daily] Tageszusammenfassung - 28.03.2019

Daily end-of-shift report team at cert.at
Thu Mar 28 18:20:27 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 27-03-2019 18:00 − Donnerstag 28-03-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Analysis of LockerGoga Ransomware ∗∗∗
---------------------------------------------
We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […]
---------------------------------------------
https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/


∗∗∗ [SANS ISC] Running your Own Passive DNS Service ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service“: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources.
---------------------------------------------
https://blog.rootshell.be/2019/03/28/sans-isc-running-your-own-passive-dns-service/


∗∗∗ Unseriöse Installateur- und Elektrodienste erkennen ∗∗∗
---------------------------------------------
Bei Problemen mit verstopften Abflüssen, kaputten Heizungen oder anfälligen Wartungen wenden Sie sich besser nicht an sanitaerhilfe.at oder installateur-top1.at. Es handelt sich um unseriöse Unternehmen, die sich weder an ihre Versprechungen halten noch Schäden beheben. Obendrein wird ein überteuerter Betrag kassiert.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioese-installateur-und-elektrodienste-erkennen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco Botches Fix for RV320, RV325 Routers, Just Blocks curl User Agent ∗∗∗
---------------------------------------------
Ciscos RV320 and RV325 router models for small offices and small businesses remain vulnerable to two high-severity flaws two months after the vendor announced the availability of patches. The fixes failed their purpose and attackers can still chain the bugs to take control of the devices. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320-rv325-routers-just-blocks-curl-user-agent/


∗∗∗ Multiple "0day" Verwundbarkeiten in HPE Intelligent Management Center ∗∗∗
---------------------------------------------
Die Zero Day Iniative (ZDI) hat heute über mehrere ungepatchte Verwundbarkeiten in HPE Intelligent Management Center berichtet.
Es wird empfohlen, Kommunikation mit HPE Intelligent Management Center entsprechend nur von vertrauenswürdigen Geräten aus zu ermöglichen.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-19-294/
https://www.zerodayinitiative.com/advisories/ZDI-19-295/
https://www.zerodayinitiative.com/advisories/ZDI-19-296/
https://www.zerodayinitiative.com/advisories/ZDI-19-297/
https://www.zerodayinitiative.com/advisories/ZDI-19-298/
https://www.zerodayinitiative.com/advisories/ZDI-19-299/
https://www.zerodayinitiative.com/advisories/ZDI-19-300/
https://www.zerodayinitiative.com/advisories/ZDI-19-301/
https://www.zerodayinitiative.com/advisories/ZDI-19-302/
https://www.zerodayinitiative.com/advisories/ZDI-19-303/


∗∗∗ Apple watchOS 5.2 ∗∗∗
---------------------------------------------
This document describes the security content of watchOS 5.2.
---------------------------------------------
https://support.apple.com/kb/HT209602


∗∗∗ Sicherheitsupdates: Kritische Lücken in Onlineshop-Software Magento ∗∗∗
---------------------------------------------
Viele Magento-Versionen weisen Schlupflöcher für Schadcode auf und gefährden so Onlineshops. Abgesicherte Ausgaben schließen die Schwachstellen.
---------------------------------------------
http://heise.de/-4354925


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (kernel and wpa), Fedora (firefox and pdns), Gentoo (apache, cabextract, chromium, gd, nasm, sdl2-image, and zeromq), openSUSE (GraphicsMagick and lftp), Red Hat (thunderbird), Scientific Linux (firefox), Slackware (gnutls), and SUSE (ImageMagick).
---------------------------------------------
https://lwn.net/Articles/784251/


∗∗∗ ZDI-19-293: Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-293/


∗∗∗ ZDI-19-292: Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-19-292/


∗∗∗ IBM Security Bulletin: Rational Test Control Panel component in Rational Test Virtualization Server and Rational Test Workbench affected by Spring vulnerability (CVE-2018-15756) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-rational-test-control-panel-component-in-rational-test-virtualization-server-and-rational-test-workbench-affected-by-spring-vulnerability-cve-2018-15756/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-19591) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-glibc-vulnerabilities-cve-2018-19591/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2018-0734/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator-8/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-8039) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-packaged-in-ibm-elastic-storage-server-cve-2018-8039/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0732) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2018-0732/


∗∗∗ IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-proventia-network-active-bypass-is-affected-by-openssl-vulnerabilities-cve-2018-0737/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list